Severity: High

Description: Before the 2023 Q2 release of the updated ODBC drivers for DataFlux^® Data Management Studio and DataFlux^® Data Management Server that are available in SAS Note 66084, the Oracle Wire Protocol driver and the cURL library that are used by certain DataFlux ODBC drivers when they are configured to use an HTTP proxy are affected by the following security vulnerabilities:

cURL library vulnerabilites:

• CVE-2023-27538
• CVE-2023-27537
• CVE-2023-27536
• CVE-2023-27535
• CVE-2023-27534
• CVE-2023-27533

Oracle Wire Protocol driver vulnerabilities:

• CVE-2023-34364
• CVE-2023-34363

Potential Impact: Impacts vary.  Refer to the CVE records listed in the previous section for details.

Click the Hot Fix tab in SAS Note 66084 to access the hot fix for this issue.